CN1617494A - 一种建立会话事务标识和网络应用实体之间关联的方法 - Google Patents
一种建立会话事务标识和网络应用实体之间关联的方法 Download PDFInfo
- Publication number
- CN1617494A CN1617494A CNA2003101140699A CN200310114069A CN1617494A CN 1617494 A CN1617494 A CN 1617494A CN A2003101140699 A CNA2003101140699 A CN A2003101140699A CN 200310114069 A CN200310114069 A CN 200310114069A CN 1617494 A CN1617494 A CN 1617494A
- Authority
- CN
- China
- Prior art keywords
- tid
- naf
- bsf
- information
- inquiry
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 230000003993 interaction Effects 0.000 title 1
- 230000004044 response Effects 0.000 claims description 23
- 230000008859 change Effects 0.000 claims description 12
- 230000006854 communication Effects 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 8
- 238000007689 inspection Methods 0.000 claims description 3
- 230000000875 corresponding effect Effects 0.000 description 14
- 230000008569 process Effects 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 5
- 238000012795 verification Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 230000002596 correlated effect Effects 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000009432 framing Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04J—MULTIPLEX COMMUNICATION
- H04J13/00—Code division multiplex systems
- H04J13/10—Code generation
- H04J13/12—Generation of orthogonal codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
- G06Q20/123—Shopping for digital content
- G06Q20/1235—Shopping for digital content with control of digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0277—Online advertisement
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0609—Buyer or seller confidence or verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/18—Legal services
- G06Q50/188—Electronic negotiation
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F17/00—Coin-freed apparatus for hiring articles; Coin-freed facilities or services
- G07F17/16—Coin-freed apparatus for hiring articles; Coin-freed facilities or services for devices exhibiting advertisements, announcements, pictures or the like
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/02—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas
- H04B7/04—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas
- H04B7/06—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station
- H04B7/0602—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station using antenna switching
- H04B7/0604—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station using antenna switching with predefined switching scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/02—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas
- H04B7/04—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas
- H04B7/08—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the receiving station
- H04B7/0837—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the receiving station using pre-detection combining
- H04B7/084—Equal gain combining, only phase adjustments
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/14—Relay systems
- H04B7/15—Active relay systems
- H04B7/155—Ground-based stations
- H04B7/15528—Control of operation parameters of a relay station to exploit the physical medium
- H04B7/15535—Control of relay amplifier gain
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0041—Arrangements at the transmitter end
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0045—Arrangements at the receiver end
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0056—Systems characterized by the type of code used
- H04L1/0064—Concatenated codes
- H04L1/0066—Parallel concatenated codes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0056—Systems characterized by the type of code used
- H04L1/0067—Rate matching
- H04L1/0068—Rate matching by puncturing
- H04L1/0069—Puncturing patterns
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0056—Systems characterized by the type of code used
- H04L1/0071—Use of interleaving
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/02—Arrangements for detecting or preventing errors in the information received by diversity reception
- H04L1/06—Arrangements for detecting or preventing errors in the information received by diversity reception using space diversity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/08—Arrangements for detecting or preventing errors in the information received by repeating transmission, e.g. Verdan system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/12—Arrangements for detecting or preventing errors in the information received by using return channel
- H04L1/16—Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
- H04L1/18—Automatic repetition systems, e.g. Van Duuren systems
- H04L1/1812—Hybrid protocols; Hybrid automatic repeat request [HARQ]
- H04L1/1819—Hybrid protocols; Hybrid automatic repeat request [HARQ] with retransmission of additional or different redundancy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/12—Arrangements for detecting or preventing errors in the information received by using return channel
- H04L1/16—Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
- H04L1/18—Automatic repetition systems, e.g. Van Duuren systems
- H04L1/1829—Arrangements specially adapted for the receiver end
- H04L1/1835—Buffer management
- H04L1/1841—Resequencing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/12—Arrangements for detecting or preventing errors in the information received by using return channel
- H04L1/16—Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
- H04L1/18—Automatic repetition systems, e.g. Van Duuren systems
- H04L1/1829—Arrangements specially adapted for the receiver end
- H04L1/1848—Time-out mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/28—Flow control; Congestion control in relation to timing considerations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/34—Flow control; Congestion control ensuring sequence integrity, e.g. using sequence numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L5/00—Arrangements affording multiple use of the transmission path
- H04L5/0001—Arrangements for dividing the transmission path
- H04L5/0014—Three-dimensional division
- H04L5/0023—Time-frequency-space
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L5/00—Arrangements affording multiple use of the transmission path
- H04L5/003—Arrangements for allocating sub-channels of the transmission path
- H04L5/0042—Arrangements for allocating sub-channels of the transmission path intra-user or intra-terminal allocation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L5/00—Arrangements affording multiple use of the transmission path
- H04L5/003—Arrangements for allocating sub-channels of the transmission path
- H04L5/0044—Arrangements for allocating sub-channels of the transmission path allocation of payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L5/00—Arrangements affording multiple use of the transmission path
- H04L5/003—Arrangements for allocating sub-channels of the transmission path
- H04L5/0078—Timing of allocation
- H04L5/0082—Timing of allocation at predetermined intervals
- H04L5/0083—Timing of allocation at predetermined intervals symbol-by-symbol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/10—Flow control between communication endpoints
- H04W28/14—Flow control between communication endpoints using intermediate storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/04—TPC
- H04W52/06—TPC algorithms
- H04W52/14—Separate analysis of uplink or downlink
- H04W52/143—Downlink power control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/04—TPC
- H04W52/18—TPC being performed according to specific parameters
- H04W52/24—TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/04—TPC
- H04W52/18—TPC being performed according to specific parameters
- H04W52/24—TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters
- H04W52/245—TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters taking into account received signal strength
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/04—TPC
- H04W52/38—TPC being performed in particular situations
- H04W52/46—TPC being performed in particular situations in multi hop networks, e.g. wireless relay networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/02—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas
- H04B7/04—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas
- H04B7/08—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the receiving station
- H04B7/0891—Space-time diversity
- H04B7/0894—Space-time diversity using different delays between antennas
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/14—Relay systems
- H04B7/15—Active relay systems
- H04B7/155—Ground-based stations
- H04B7/15507—Relay station based processing for cell extension or control of coverage area
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/12—Arrangements for detecting or preventing errors in the information received by using return channel
- H04L1/16—Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
- H04L1/18—Automatic repetition systems, e.g. Van Duuren systems
- H04L1/1829—Arrangements specially adapted for the receiver end
- H04L1/1835—Buffer management
- H04L1/1845—Combining techniques, e.g. code combining
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L2001/0092—Error control systems characterised by the topology of the transmission link
- H04L2001/0096—Channel splitting in point-to-point links
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/127—Trusted platform modules [TPM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/04—TPC
- H04W52/18—TPC being performed according to specific parameters
- H04W52/22—TPC being performed according to specific parameters taking into account previous information or commands
- H04W52/225—Calculation of statistics, e.g. average, variance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/04—TPC
- H04W52/18—TPC being performed according to specific parameters
- H04W52/24—TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters
- H04W52/241—TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters taking into account channel quality metrics, e.g. SIR, SNR, CIR, Eb/lo
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. TPC [Transmission Power Control], power saving or power classes
- H04W52/04—TPC
- H04W52/18—TPC being performed according to specific parameters
- H04W52/24—TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters
- H04W52/242—TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters taking into account path loss
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Development Economics (AREA)
- Economics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Marketing (AREA)
- Bioethics (AREA)
- Tourism & Hospitality (AREA)
- Human Resources & Organizations (AREA)
- Primary Health Care (AREA)
- Technology Law (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Entrepreneurship & Innovation (AREA)
- Game Theory and Decision Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本发明提供了一种建立会话事务标识和网络应用实体之间关联的方法,在BSF接收到来自NAF的查询TID信息时,首先判断该TID的真实性,如果该TID是真实的,则BSF再判断该TID是否对申请查询的NAF有效,如果有效,则首先保存该TID及该TID相关的密钥信息与申请查询的NAF之间的对应关系,然后再将该TID及该TID相关的密钥信息发送给NAF。应用本发明,使一个TID只针对一个或同一安全级别的NAF有效,从而避免了一个NAF被攻破,而使所有的NAF均受攻击威胁的问题。本发明将威胁限定在一个或同一级别的NAF的范围之内,从而增加了系统的安全性。而且,当NAF认为该用户使用的TID已不安全时,如NAF受到非法攻击时,将提示用户更新TID。
Description
技术领域
本发明涉及第三代无线通信技术领域,特别是指一种建立会话事务标识(TID)和网络应用实体(NAF)之间关联的方法。
背景技术
在第三代无线通信标准中,通用鉴权框架是多种应用业务实体使用的一个用于完成对用户身份进行验证的通用结构,应用通用鉴权框架可实现对应用业务的用户进行检查和验证身份。上述多种应用业务可以是多播/广播业务、用户证书业务、信息即时提供业务等,也可以是代理业务,例如多个服务和一个代理相连,这个通用鉴权框架把代理也当作一种业务来处理,组织结构可以很灵活,而且,对于以后新开发的业务也同样可以应用通用鉴权结构框架对应用业务的用户进行检查和验证身份。
图1所示为通用鉴权框架的结构示意图。通用鉴权框架通常由用户101、执行用户身份初始检查验证的实体(BSF)102、用户归属网络服务器(HSS)103和网络应用实体(NAF)104组成。BSF 102用于与用户101进行互验证身份,给经过互验证的用户101分配TID,同时生成BSF 102与用户101的共享密钥;HSS 103中存储有用于描述用户信息的描述(Profile)信息文件,同时HSS 103还兼有产生鉴权信息的功能。
用户需要使用某种业务时,如果其知道该业务需要到BSF进行互鉴权过程,则直接到BSF进行互鉴权,否则,用户会首先和某个业务对应的NAF联系,如果该NAF应用通用鉴权框架需要用户到BSF进行身份验证,则通知用户应用通用鉴权框架进行身份验证,否则进行其它相应处理。
图2所示为应用通用鉴权框架进行用户身份认证的流程图。
步骤201,用户向NAF发送业务应用请求消息;
步骤202,NAF收到该消息后,如果发现该用户还未到BSF进行互认证,通知该用户首先到BSF进行初始鉴权认证;
步骤203,用户向BSF发送初始鉴权认证请求消息,该消息中包括用户自身的标识信息;
步骤204,BSF接收到用户的鉴权请求消息后,向HSS查询该用户的鉴权信息以及Profile信息;
步骤205,BSF得到HSS发送的包含其所查信息的响应消息后,应用所查到的信息与用户执行鉴权和密钥协商协议(AKA)进行互鉴权,当BSF与用户完成AKA互鉴权,即相互认证了身份后,BSF与用户之间就拥有了共享密钥Ks;
步骤206,BSF给用户分配只包括标识号的会话事务标识(TID),且该TID对一个以上的NAF同时有效,并将已分配的TID发送给用户;
步骤207,用户收到BSF分配的TID后,重新向NAF发送业务应用请求消息,该请求消息中包含BSF分配的TID信息;
步骤208,NAF接收到用户发送的包含TID信息的业务应用请求消息时,首先在NAF本地进行查询,如查询到,则直接执行步骤210,否则,向BSF发送包含NAF本地标识的查询TID的消息,并执行步骤209;
步骤209,BSF接收到来自NAF的查询消息,在本地进行查询,如果BSF本地有NAF所查询的TID信息,则直接向NAF发送响应成功的查询消息,该消息中包括查到的TID以及该TID对应用户应用的共享密钥Ks,这时NAF和用户也共享了密钥Ks,并执行步骤210,否则BSF向NAF发送响应失败的查询消息,通知NAF没有该用户的信息,由NAF通知用户到BSF上进行鉴权,并结束该处理流程;
步骤210,NAF与用户进行正常的通信,并应用共享密钥Ks或由该共享密钥Ks衍生的密钥对以后的通信进行保护。
当用户和某个NAF的首次通信过程结束后,在以后的通信中都使用该已经过鉴权的TID和NAF进行通信,由于TID是可以重复使用的,任何一个NAF如果在本地不能找到相应的TID时,都将向BSF进行查询,因此,只要用户取得一个合法的TID后,就可以应用该TID与任何NAF进行通信。
现有技术的缺陷在于:由于BSF分配给同一用户的TID是对所有的NAF有效,而且BSF不保存使用了该TID的NAF的信息,在BSF接收到来自任一NAF的查询TID的消息时,只要能够在BSF本地查询到,就认为该TID有效,并将该TID及其与该TID相关的密钥信息发送给申请查询的NAF,也就是说,同一用户与多个NAF之间使用相同的密钥信息。在这种情况下,一旦某个NAF被攻击者攻破,即某个NAF的Ks被泄露,则攻击者可以冒充该用户应用多个NAF上的业务,这样使得该用户的所有应用业务都将受到威胁,进而使得所有NAF的功能实体均受到威胁。
发明内容
有鉴于此,本发明的目的在于提供一种建立用户的会话事务标识和不同网络应用实体之间关联的方法,使一个TID只针对一个或同一级别的NAF有效,从而解决一个NAF被攻破,而使所有的NAF均受攻击威胁的问题。
为到达上述目的,本发明的技术方案是这样实现的:
一种建立会话事务标识和网络应用实体之间关联的方法,适用于应用通用鉴权框架对用户进行身份验证的第三代无线通信领域中,该方法包括以下步骤:
a、执行用户身份初始检查验证的实体BSF接收到来自网络应用实体NAF的查询会话事务标识TID请求消息后,判断BSF本地是否有该NAF所查询的TID信息,如果有,则执行步骤b,否则给该NAF返回失败的查询响应消息;
b、BSF根据所查询到TID的属性信息判断该TID对于申请查询的NAF是否有效,如果是,则保存已更改的该TID的属性信息,及该TID相关的密钥信息与请求查询的NAF之间的对应关系的信息后,将查询到的TID及其相关的密钥信息发送给请求查询的NAF,否则,BSF给请求查询的NAF返回所查询TID无效的查询响应消息。
较佳地,步骤a所述BSF接收到来自NAF查询TID的请求消息中至少包括申请查询的NAF本地标识;
步骤b所述TID的属性信息中至少包括:该TID是否已被使用的信息;
步骤b所述BSF判断所查询到的TID对于申请查询的NAF是否有效的方法为:判断所查询到的TID是否标记为未使用,如果是,则所查询到的TID对于申请查询的NAF有效,否则,所查询到的TID对于申请查询的NAF无效;
步骤b所述更改的TID属性信息中至少包括:该TID已被使用的信息。
较佳地,步骤a所述BSF接收到来自NAF查询TID的请求消息中还包括申请查询NAF的组标识;
步骤b所述TID的属性信息中还包括:与该TID所关联NAF的组标识;
步骤b所述如果所查询到的TID的标记为已使用时,判断所查询到的TID对于申请查询的NAF是否有效的方法进一步包括:BSF判断该申请查询NAF的组标识是否与该TID属性信息中的组标识相同,如果相同,则所查询到的TID对于申请查询的NAF有效,否则,所查询到的TID对于申请查询的NAF无效;
步骤b所述更改的TID属性信息中还包括:申请查询NAF的组标识。
较佳地,步骤b所述TID的属性信息中还包括:用于记录当前已连接NAF的数目和该TID所能连接NAF数目的最大值;
步骤b所述BSF判断该申请查询NAF的组标识与该TID属性信息中的组标识相同时,判断所查询到的TID对于申请查询的NAF是否有效的方法进一步包括:判断当前该TID已连接NAF的数目是否小于等于该TID所能连接NAF数目的最大值,如果是,则所查询到的TID对于申请查询的NAF有效,否则,所查询到的TID对于申请查询的NAF无效;
步骤b所述更改的TID属性信息中还包括:已更新的当前已连接NAF的数目和该TID所能连接NAF数目的最大值。
较佳地,步骤a所述BSF接收到来自NAF查询TID的请求消息中还包括申请查询NAF的安全级别;
步骤b所述所查询到的TID信息中还包括:该TID的安全级别信息;
步骤b所述如果所查询到的TID的标记为已使用,判断所查询到的TID对于申请查询的NAF是否有效的方法进一步包括:BSF再判断所查询到的TID信息中的安全级别与预先设定的申请查询的NAF的安全级别是否相同,如果是,则所查询到的TID对于申请查询的NAF有效,否则,所查询到的TID对于申请查询的NAF无效;
步骤b所述更改的TID属性信息中还包括:该TID的安全级别信息。
较佳地,步骤b所述所查询到的TID信息中还包括:现有与NAF的关联数目、所关联的NAF的标识以及允许的最大关联数目;
步骤b所述BSF判断所查询到的TID的安全级别与预先设定的申请查询的NAF的安全级别相同之后,进一步包括:BSF判断所查询到的TID信息中的与该TID关联的NAF数目是否已经达到该安全级别内允许的最大值,如果是,则所查询到的TID对于申请查询的NAF无效,否则,所查询到的TID对于申请查询的NAF有效;
步骤b所述更改的TID属性信息中还包括:已更新的现有与NAF的关联数目、所关联的NAF的标识以及允许的最大关联数目。
较佳地,步骤b所述对应关系的信息包括:查询到的TID与应用该TID的NAF的标识的对应关系,以及该TID所对应的NAF的安全级别。
较佳地,所述步骤a执行之前,进一步包括:用户与BSF经过互认证后,由BSF给用户分配TID,且BSF和该用户共享了与TID相关的密钥信息;NAF接收到来自用户的包括TID的业务请求信息时,判断本地是否有该TID信息,如果有,则与用户进行正常的通信,否则,向BSF发送查询TID的消息后,再执行步骤a。
较佳地,该方法进一步包括:在NAF受到非法攻击时,提示用户到BSF进行重认证,更新TID及对应的密钥信息。
较佳地,步骤b所述更改的TID属性信息中还包括:申请查询NAF的标识信息。
应用本发明,在BSF接收到来自NAF的查询TID信息时,首先判断本地是否有该TID的信息,即判断该TID的真实性,如果本地有该TID信息,即该TID是真实的,则BSF再判断该TID是否对申请查询的NAF有效,如果有效,则首先保存该TID及该TID相关的密钥信息与申请查询的NAF之间的对应关系,然后再将该TID及该TID相关的密钥信息发送给NAF。应用本发明,使一个TID只针对一个或同一安全级别的NAF有效,即将一个TID与一个或同一安全级别的NAF进行绑定,从而避免了一个NAF被攻破,而使所有的NAF均受攻击威胁的问题。本发明将威胁限定在一个或同一级别的NAF的范围之内,从而增加了系统的安全性。而且,当NAF认为该用户使用的TID已不安全时,如NAF受到非法攻击时,将提示用户更新TID。
附图说明
图1所示为通用鉴权框架的结构示意图;
图2所示为应用通用鉴权框架进行用户身份认证的流程图;
图3所示为应用本发明的实施例一的流程图;
图4所示为应用本发明的实施例二的流程图。
具体实施方式
为使本发明的技术方案更加清楚,下面结合附图及具体实施例对本发明再做进一步的详细说明。
本发明的思路是:BSF接收到来自NAF的查询TID请求消息后,判断BSF本地是否有该NAF所查询的TID信息,如果没有,则给该NAF返回失败的查询响应消息;如果有,则BSF根据所查询到TID的属性信息判断该TID对于申请查询的NAF是否有效,如果是,则保存已更改的该TID的属性信息,及该TID相关的密钥信息与请求查询的NAF之间的对应关系的信息后,将查询到的TID及其相关的密钥信息发送给请求查询的NAF,否则,BSF给请求查询的NAF返回所查询TID无效的查询响应消息。
图3所示为应用本发明的实施例一的流程图;
步骤301,用户向NAF发送业务应用请求消息;
步骤302,NAF收到该消息后,如果发现该用户还未到BSF进行互认证,通知该用户首先到BSF进行初始鉴权认证;
步骤303,用户向BSF发送初始鉴权认证请求消息,该消息中包括用户自身的标识信息;
步骤304,BSF接收到用户的鉴权请求消息后,向HSS查询该用户的鉴权信息以及Profile信息;
步骤305,BSF得到HSS发送的包含其所查信息的响应消息后,应用所查到的信息与用户执行鉴权和密钥协商协议(AKA)进行互鉴权,当BSF与用户完成AKA互鉴权,即相互认证了身份后,BSF与用户之间就拥有了共享密钥Ks;
步骤306,BSF给用户分配只包括标识号的会话事务标识(TID),且该TID对所有的NAF同时有效,并将已分配的TID发送给用户;
此时,由于该TID是对任何NAF有效的,因此用户可应用其申请到的TID向任何一个NAF发起应用请求;
步骤307,用户收到BSF分配的TID后,向其选定的NAF发送业务应用请求消息,该请求消息中包含BSF分配的TID信息;
步骤308,NAF接收到用户发送的包含TID信息的业务应用请求消息后,首先判断NAF本地是否有该TID信息,如果有,则执行步骤311,否则,NAF向BSF发送包括本地NAF标识的查询TID的消息,并执行步骤309;
步骤309,BSF接收到NAF的查询TID的消息后,首先查询BSF本地是否有该TID信息,即检查NAF所查询的TID的真实性,如果本地没有该TID信息,即该TID是非法的,则BSF给NAF返回失败的响应消息,由NAF通知用户到BSF进行鉴权,并结束该处理流程;
如果本地有该TID信息,则判断本地保存的该TID的属性信息是否为“未使用”,如果是,则将该TID的“未使用”标记修改为“已使用”,并在该TID的属性信息中保存该TID和申请查询的NAF标识的对应关系,即将该TID和申请查询的NAF绑定后,执行步骤310,否则,BSF认为该TID已经和其它的NAF进行了绑定,不能再被该申请查询的NAF所应用,则给NAF返回失败的响应消息,表明该TID对申请查询的NAF无效,由NAF通知重新用户到BSF进行鉴权,并结束该处理流程;
步骤310,BSF将该TID对应用户的共享密钥Ks或由该共享密钥Ks衍生的密钥包含在成功响应消息里发送给NAF;这时NAF和用户也共享了密钥Ks或其衍生密钥,并执行步骤311;
步骤311,NAF与用户进行正常的通信,并应用共享密钥Ks或由该共享密钥Ks衍生的密钥对以后的通信进行保护。
对于上述实施例,可将某个地区内的NAF划分为一组,并设置组标识,组的数目由NAF的管理者确定,当BSF查询到本地有申请查询NAF的TID信息,且该TID的属性信息是“未使用”时,则将该TID的“未使用”标记修改为“已使用”,并在该TID的属性信息中保存该TID和申请查询的NAF标识的对应关系,以及该申请查询的NAF所在的组标识,即将该TID和申请查询的NAF绑定后,将该TID对应用户的共享密钥Ks或由该共享密钥Ks衍生的密钥包含在成功响应消息里发送给NAF;
如果BSF查询到本地有申请查询NAF的TID信息,且该TID的属性信息是“已使用”时,则BSF进一步判断该申请查询NAF的组标识是否与该TID属性信息中的组标识相同,如果相同,则认为该TID是有效的,并将该TID对应用户的共享密钥Ks或由该共享密钥Ks衍生的密钥包含在成功响应消息里发送给NAF;否则给NAF返回失败的响应消息,表明该TID对申请查询的NAF无效,由NAF通知重新用户到BSF进行鉴权,并结束该处理流程。
上述为同组内的所有NAF使用同一个TID。同组内的所有NAF也可以使用不同的TID,具体的实现方法为:
在TID的标识中增加用于记录当前已连接NAF的数目和该TID所能连接NAF数目的最大值的标识位,如果当前该TID已连接NAF的数目小于等于该TID所能连接NAF数目的最大值,则该TID对于该组内申请查询的NAF有效,否则,该TID对于该组内申请查询的NAF无效,该申请查询的NAF需对应一个新的TID。
当用户再次使用已应用过的NAF上的业务时,仍然可以使用已分配的的TID向NAF发出请求,只有当NAF认为该用户使用的TID已经不安全时,如NAF受到非法攻击并且认为用户的TID及该TID对应的密钥有可能已经被盗时,将提示用户更新TID。例如,NAF本身安装了一个用于检测自身是否安全的入侵检测系统,当这个系统报告NAF遭到了黑客的攻击时,NAF处理完自身的安全问题后将通知用户更新TID及该TID对应的密钥。
图4所示为应用本发明的实施例二的流程图。
运营商可以从安全及操作等多方面考虑,根据自己的需要,将不同安全级别的NAF划分为不同的组。例如,将安全级别低的NAF划分为一组,令它们属于一个安全域;将安全级别高的NAF划分一组,令它们属于另外一个安全域;使某些安全要求非常高的NAF自己单独为一组,每组即为一个独立的安全域。这样,可使得一个安全域共享一个TID及其相应的密钥信息。
步骤401,用户向NAF发送业务应用请求消息;
步骤402,NAF收到该消息后,如果发现该用户还未到BSF进行互认证,通知该用户首先到BSF进行初始鉴权认证;
步骤403,用户向BSF发送初始鉴权认证请求消息,该消息中包括用户自身的标识信息;
步骤404,BSF接收到用户的鉴权请求消息后,向HSS查询该用户的鉴权信息以及Profile信息;
步骤405,BSF得到HSS发送的包含其所查信息的响应消息后,应用所查到的信息与用户执行鉴权和密钥协商协议(AKA)进行互鉴权,当BSF与用户完成AKA互鉴权,即相互认证了身份后,BSF与用户之间就拥有了共享密钥Ks;
步骤406,BSF给用户分配只包括标识号的会话事务标识(TID),且该TID对所有的NAF同时有效,并将已分配的TID发送给用户;
此时,由于该TID是对任何NAF有效的,因此用户可应用其申请到的TID向任何一个NAF发起应用请求;
步骤407,用户收到BSF分配的TID后,向其选定的NAF发送业务应用请求消息,该请求消息中包含BSF分配的TID信息;
步骤408,NAF接收到用户发送的包含TID信息的业务应用请求消息后,首先判断NAF本地是否有该TID信息,如果有,则执行步骤411,否则,NAF向BSF发送包括本地NAF标识及安全级别的查询TID的消息,并执行步骤409;
步骤409,BSF接收到NAF的查询TID的消息后,首先查询BSF本地是否有该TID信息,即检查NAF所查询的TID的真实性,如果本地没有该TID信息,即该TID是非法的,则BSF给NAF返回失败的响应消息,由NAF通知用户到BSF进行鉴权,并结束该处理流程;
如果本地有该TID信息,则判断本地保存的该TID的属性信息是否为“未使用”,如果是,则将该TID的标记修改为“已使用”,并在该TID的属性信息中保存该TID和申请查询的NAF标识的对应关系,同时设置该TID的安全级别为该申请查询的NAF的安全级别,以及该安全级别TID所允许连接的最大数目,和已更新的现有连接NAF数目信息,即将该TID和申请查询的NAF绑定后,执行步骤410,
如果BSF本地保存的该TID的属性信息标识为“已使用”,则BSF判断该TID的属性信息中的安全级别是否与申请查询的NAF的安全级别相同,如果安全级别相同,则BSF进一步判断在该安全级别内,该TID的属性信息中的与NAF的关联数目是否已到达该安全级别能够允许的最大值,在最高安全级别内可能只允许一个TID与一个NAF连接,而在相对较低的安全级别内,可允许一个TID与一个以上的NAF连接,具体连接的数目可根据实际需要确定,如果是,BSF认为该TID连接的NAF数目已达到饱和,不能再被该申请查询的NAF所应用,并给NAF返回失败的响应消息,表明该TID对申请查询的NAF无效,由NAF通知重新用户到BSF进行鉴权,并结束该处理流程,否则,BSF在该TID的属性信息中保存该TID和申请查询的NAF标识的对应关系及已更新的现有连接NAF数目信息,即将该TID和申请查询的NAF绑定后执行步骤410,
如果安全级别不同,则BSF认为该TID已经和其它的NAF进行了绑定,不能再被该申请查询的NAF所应用,直接给NAF返回失败的响应消息,表明该TID对申请查询的NAF无效,由NAF通知重新用户到BSF进行鉴权,并结束该处理流程;
步骤410,BSF将该TID对应用户的共享密钥Ks或由该共享密钥Ks衍生的密钥包含在成功响应消息里发送给NAF;这时NAF和用户也共享了密钥Ks或其衍生密钥,并执行步骤411;
步骤411,NAF与用户进行正常的通信,并应用共享密钥Ks或由该共享密钥Ks衍生的密钥对以后的通信进行保护。
当用户再次使用已应用过的NAF上的业务时,仍然可以使用已分配的的TID向NAF发出请求,只有当NAF认为该用户使用的TID已经不安全时,如NAF受到非法攻击并且认为用户的TID及该TID对应的密钥有可能已经被盗时,将提示用户更新TID。例如,NAF本身安装了一个用于检测自身是否安全的入侵检测系统,当这个系统报告NAF遭到了黑客的攻击时,NAF处理完自身的安全问题后将通知用户更新TID及该TID对应的密钥。
对于同一安全级别的NAF而言,当一个NAF认为某个用户使用的TID已经不安全时,将提示该用户更新TID,该安全级别内的每个NAF收到新TID后,都会到BSF进行查询,如BSF查询成功,则保存该TID的属性信息,并给NAF返回成功的响应消息,该成功的响应消息中包括NAF所查询的TID、以及该TID所对应的密钥信息。此时,NAF将保存该新的TID以及与该TID相关的密钥信息,同时将本地保存的旧TID以及与旧TID相关的密钥信息标为禁用,或删除。
NAF可以是一个应用服务器,也可以是多个应用服务器的代理。当NAF是应用服务器代理时,NAF后面可以连接多个应用服务器,即一个NAF代表多个应用,这时NAF虽然代表多个应用服务器,但NAF自身仍是一个实体。
以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。
Claims (10)
1、一种建立会话事务标识和网络应用实体之间关联的方法,适用于应用通用鉴权框架对用户进行身份验证的第三代无线通信领域中,其特征在于,该方法包括以下步骤:
a、执行用户身份初始检查验证的实体BSF接收到来自网络应用实体NAF的查询会话事务标识TID请求消息后,判断BSF本地是否有该NAF所查询的TID信息,如果有,则执行步骤b,否则给该NAF返回失败的查询响应消息;
b、BSF根据所查询到TID的属性信息判断该TID对于申请查询的NAF是否有效,如果是,则保存已更改的该TID的属性信息,及该TID相关的密钥信息与请求查询的NAF之间的对应关系的信息后,将查询到的TID及其相关的密钥信息发送给请求查询的NAF,否则,BSF给请求查询的NAF返回所查询TID无效的查询响应消息。
2、根据权利要求1所述的方法,其特征在于,
步骤a所述BSF接收到来自NAF查询TID的请求消息中至少包括申请查询的NAF本地标识;
步骤b所述TID的属性信息中至少包括:该TID是否已被使用的信息;
步骤b所述BSF判断所查询到的TID对于申请查询的NAF是否有效的方法为:判断所查询到的TID是否标记为未使用,如果是,则所查询到的TID对于申请查询的NAF有效,否则,所查询到的TID对于申请查询的NAF无效;
步骤b所述更改的TID属性信息中至少包括:该TID已被使用的信息。
3、根据权利要求2所述的方法,其特征在于,
步骤a所述BSF接收到来自NAF查询TID的请求消息中还包括申请查询NAF的组标识;
步骤b所述TID的属性信息中还包括:与该TID所关联NAF的组标识;
步骤b所述如果所查询到的TID的标记为已使用时,判断所查询到的TID对于申请查询的NAF是否有效的方法进一步包括:BSF判断该申请查询NAF的组标识是否与该TID属性信息中的组标识相同,如果相同,则所查询到的TID对于申请查询的NAF有效,否则,所查询到的TID对于申请查询的NAF无效;
步骤b所述更改的TID属性信息中还包括:申请查询NAF的组标识。
4、根据权利要求3所述的方法,其特征在于,
步骤b所述TID的属性信息中还包括:用于记录当前已连接NAF的数目和该TID所能连接NAF数目的最大值;
步骤b所述BSF判断该申请查询NAF的组标识与该TID属性信息中的组标识相同时,判断所查询到的TID对于申请查询的NAF是否有效的方法进一步包括:判断当前该TID已连接NAF的数目是否小于等于该TID所能连接NAF数目的最大值,如果是,则所查询到的TID对于申请查询的NAF有效,否则,所查询到的TID对于申请查询的NAF无效;
步骤b所述更改的TID属性信息中还包括:已更新的当前已连接NAF的数目和该TID所能连接NAF数目的最大值。
5、根据权利要求2所述的方法,其特征在于,
步骤a所述BSF接收到来自NAF查询TID的请求消息中还包括申请查询NAF的安全级别;
步骤b所述所查询到的TID信息中还包括:该TID的安全级别信息;
步骤b所述如果所查询到的TID的标记为已使用,判断所查询到的TID对于申请查询的NAF是否有效的方法进一步包括:BSF再判断所查询到的TID信息中的安全级别与预先设定的申请查询的NAF的安全级别是否相同,如果是,则所查询到的TID对于申请查询的NAF有效,否则,所查询到的TID对于申请查询的NAF无效;
步骤b所述更改的TID属性信息中还包括:该TID的安全级别信息。
6、根据权利要求5所述的方法,其特征在于,
步骤b所述所查询到的TID信息中还包括:现有与NAF的关联数目、所关联的NAF的标识以及允许的最大关联数目;
步骤b所述BSF判断所查询到的TID的安全级别与预先设定的申请查询的NAF的安全级别相同之后,进一步包括:BSF判断所查询到的TID信息中的与该TID关联的NAF数目是否已经达到该安全级别内允许的最大值,如果是,则所查询到的TID对于申请查询的NAF无效,否则,所查询到的TID对于申请查询的NAF有效;
步骤b所述更改的TID属性信息中还包括:已更新的现有与NAF的关联数目、所关联的NAF的标识以及允许的最大关联数目。
7、根据权利要求1所述的方法,其特征在于,步骤b所述对应关系的信息包括:查询到的TID与应用该TID的NAF的标识的对应关系,以及该TID所对应的NAF的安全级别。
8、根据权利要求1所述的方法,其特征在于,所述步骤a执行之前,进一步包括:用户与BSF经过互认证后,由BSF给用户分配TID,且BSF和该用户共享了与TID相关的密钥信息;NAF接收到来自用户的包括TID的业务请求信息时,判断本地是否有该TID信息,如果有,则与用户进行正常的通信,否则,向BSF发送查询TID的消息后,再执行步骤a。
9、根据权利要求1所述的方法,其特征在于,该方法进一步包括:在NAF受到非法攻击时,提示用户到BSF进行重认证,更新TID及对应的密钥信息。
10、根据权利要求2~6所述的方法,其特征在于,步骤b所述更改的TID属性信息中还包括:申请查询NAF的标识信息。
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101140699A CN100466515C (zh) | 2003-11-11 | 2003-11-11 | 一种建立会话事务标识和网络应用实体之间关联的方法 |
| PCT/CN2004/001213 WO2005046119A1 (en) | 2003-11-11 | 2004-10-26 | A method of setting up the association between the session transaction identification and the network application entity |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101140699A CN100466515C (zh) | 2003-11-11 | 2003-11-11 | 一种建立会话事务标识和网络应用实体之间关联的方法 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1617494A true CN1617494A (zh) | 2005-05-18 |
| CN100466515C CN100466515C (zh) | 2009-03-04 |
Family
ID=34558466
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2003101140699A Expired - Fee Related CN100466515C (zh) | 2003-11-11 | 2003-11-11 | 一种建立会话事务标识和网络应用实体之间关联的方法 |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN100466515C (zh) |
| WO (1) | WO2005046119A1 (zh) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006047960A1 (fr) * | 2004-11-05 | 2006-05-11 | Huawei Technologies Co., Ltd. | Procede et systeme de garantie de la confidentialite de l'identification d'utilisateur |
| US7941121B2 (en) | 2003-11-07 | 2011-05-10 | Huawei Technologies Co., Ltd. | Method for verifying the validity of a user |
| CN102238000A (zh) * | 2010-04-21 | 2011-11-09 | 华为技术有限公司 | 加密通信方法、装置及系统 |
| CN108702615A (zh) * | 2016-02-12 | 2018-10-23 | 瑞典爱立信有限公司 | 保护接口以及用于建立安全通信链路的过程 |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1319966A (zh) * | 2001-03-20 | 2001-10-31 | 杨大成 | 蜂窝移动通信网电子商务小额支付系统设计方案 |
| ATE375044T1 (de) * | 2002-04-18 | 2007-10-15 | Nokia Corp | Verfahren, system und einrichtung zur dienstauswahl über ein drahtloses lokales netzwerk |
| CN1148683C (zh) * | 2002-04-30 | 2004-05-05 | 北京信源咨讯信息技术有限公司 | 无线身份认证和数据收发的门禁方法及其门禁系统 |
-
2003
- 2003-11-11 CN CNB2003101140699A patent/CN100466515C/zh not_active Expired - Fee Related
-
2004
- 2004-10-26 WO PCT/CN2004/001213 patent/WO2005046119A1/zh active Application Filing
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7941121B2 (en) | 2003-11-07 | 2011-05-10 | Huawei Technologies Co., Ltd. | Method for verifying the validity of a user |
| WO2006047960A1 (fr) * | 2004-11-05 | 2006-05-11 | Huawei Technologies Co., Ltd. | Procede et systeme de garantie de la confidentialite de l'identification d'utilisateur |
| CN102238000A (zh) * | 2010-04-21 | 2011-11-09 | 华为技术有限公司 | 加密通信方法、装置及系统 |
| CN102238000B (zh) * | 2010-04-21 | 2015-01-21 | 华为技术有限公司 | 加密通信方法、装置及系统 |
| US9331986B2 (en) | 2010-04-21 | 2016-05-03 | Huawei Technologies Co., Ltd. | Encryption communication method, apparatus and system |
| CN108702615A (zh) * | 2016-02-12 | 2018-10-23 | 瑞典爱立信有限公司 | 保护接口以及用于建立安全通信链路的过程 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100466515C (zh) | 2009-03-04 |
| WO2005046119A1 (en) | 2005-05-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1265676C (zh) | 一种实现漫游用户使用拜访网络内业务的方法 | |
| CN1315268C (zh) | 一种验证用户合法性的方法 | |
| CN1203689C (zh) | 处理有关经蜂窝网连接到分组数据网的终端的位置信息的方法 | |
| CN105897782A (zh) | 一种针对接口的调用请求的处理方法及装置 | |
| CN102111326B (zh) | 在二层隧道协议虚拟专用网实现移动的方法、系统和装置 | |
| CN1914848A (zh) | 用于网络元件的密钥管理 | |
| CN1859409A (zh) | 一种提高网络动态主机配置dhcp安全性的方法和系统 | |
| CN1856163A (zh) | 一种具有会话边界控制器的通信系统及其传输信令的方法 | |
| CN1859165A (zh) | 一种业务跟踪的方法和系统 | |
| CN1835436A (zh) | 一种通用鉴权框架及一种实现鉴权的方法 | |
| CN1921682A (zh) | 增强通用鉴权框架中的密钥协商方法 | |
| CN1279551A (zh) | 通信网和移动代理者迁移的管理 | |
| CN101039181A (zh) | 防止通用鉴权框架中服务功能实体受攻击的方法 | |
| CN102740296A (zh) | 一种移动终端可信网络接入方法和系统 | |
| CN1300976C (zh) | 一种网络应用实体获取用户身份标识信息的方法 | |
| CN101079695A (zh) | 一种网络安全验证系统及方法 | |
| CN1614923A (zh) | 一种分配会话事务标识的方法 | |
| CN1617494A (zh) | 一种建立会话事务标识和网络应用实体之间关联的方法 | |
| CN1705262A (zh) | 网络安全防护系统及方法 | |
| CN101945053A (zh) | 一种报文的发送方法和装置 | |
| CN1728636A (zh) | 一种客户端认证的方法 | |
| CN1849003A (zh) | 一种对用户鉴权的方法 | |
| CN1852222A (zh) | 无线接入宽带用户的管理方法及其装置 | |
| CN102752266A (zh) | 访问控制方法及其设备 | |
| CN1302633C (zh) | 一种保证通用鉴权框架系统安全的方法 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090304 Termination date: 20141111 |
|
| EXPY | Termination of patent right or utility model |